Vulnerability Description
Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly involving (a) lib/s3.cpp, (b) tools/afconvert.cpp, (c) tools/afcopy.cpp, (d) tools/afinfo.cpp, (e) aimage/imager.cpp, and (f) tools/afxml.cpp. NOTE: this identifier is intended to address the vectors that were not fixed in CVE-2007-2054, but the unfixed vectors were not explicitly listed.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Afflib | Afflib | <= 2.2.6 |
References
- http://securityreason.com/securityalert/2657
- http://www.securityfocus.com/archive/1/467040/100/0/threaded
- http://www.vsecurity.com/bulletins/advisories/2007/afflib-fmtstr.txt (Patch)
FAQ
What is CVE-2007-2352?
CVE-2007-2352 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple format string vulnerabilities in AFFLIB 2.2.6 allow remote attackers to execute arbitrary code via certain command line parameters, which are used in (1) warn and (2) err calls, possibly invo...
How severe is CVE-2007-2352?
CVE-2007-2352 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-2352?
Check the references section above for vendor advisories and patch information. Affected products include: Afflib Afflib.